Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vavava
Contributor

CP "Unused Objects" compare with Tufin "Unattached Network objects"

Hi all
I got a task to check for unused objects on our FW, version 80.40.
We also have Tufin to managering our Network.
After I export CP "Unused_Objects" & Tufin "Unattached_Objects" 
I can find out all CP "Unused_Objects" in Tufin "Unattached_Objects" list
and Tufin has more objects than CP.
I check up on those extra objects on CP & the result confuse me. 
All those extra objects are not used in any policies or groups object & without NAT setting , why those objects did not show in "Unused_Objects" of Object Explorer.
As I know, As long as it meets "not in policy, Groups and no NAT setting, it belongs to "Unused_Objects"
Am i wrong or something wrong?

0 Kudos
8 Replies
the_rock
Legend
Legend

I believe your assumption is 100% correct actually. That was always my thought as well. Just curious, what is the difference as far as what Tufin showed you for unused objects? Was the number way higher than the list you saw in smart console?

0 Kudos
vavava
Contributor

smartconsole show "483" objects, Tufin show "1098" objects.
Tufin 1098 objects contain all of "CP unused Objects (483).
I also via smartconsole to check object by "right click> Where Used" to confirm object and the windows show nothing, only display "No usages found"

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Were the differences in objects accounted for by a particular type of object, those used in VPN or anti-spoofing settings (sk176150) perhaps?


Also how far back does your database revision history go?

CCSM R77/R80/ELITE
0 Kudos
vavava
Contributor

CP-> all of Network_objects, Tufin ->cleanup type "C06" Unattached network objects.
I'm not sure the relationship between "objects" and "VPN or anit-spoofing" on CP.
Maybe someone could help us to comprehend it.

"Also how far back does your database revision history go?"

>>> about 1 year 6 months

0 Kudos
the_rock
Legend
Legend

I agree with @PhoneBoy . I also have a feeling that Tufin is finding unsused object on way different criteria than smart console. Maybe if you call their support and clarify this, we can all get a better idea, so it would most likely make more sense. Personally, I never used Tufin myself, so cant really comment on something I have no clue about or how it even works. I know on surface how it functions, but never seen it in action, so to speak : - )

0 Kudos
PhoneBoy
Admin
Admin

What it sounds like is Tufin is finding “unused objects” we’re not showing as such, correct?
For us to troubleshoot this, we would need precise, detailed examples of objects Tufin discovered as unused that we do not identity as such.
This might be better done with the TAC as the underlying issue might be a bug.

0 Kudos
vavava
Contributor

I don't mean to say that "CP" is worse than Tufin.
I just don't know how to explain to my boss why the extra items shown on Tufin and not on CP.
I attach a photo and cover some words.

キャプチャ1.PNG

S__38002699.jpg

It look like no any different in boths host objects.

Is there any methods to show out more objects details ?

0 Kudos
PhoneBoy
Admin
Admin

Details level full is as much as you can show about an object.
I assume when you query “where-used” on both objects, they show as unused, correct?
Like I said, a TAC case is probably necessary.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events